Why You Must Think Like a HACKER

to Prevent CYBER ATTACKS

Here’s the cheat-sheet for this week’s episode of Life of a CISO. In order to be a good CISO, it’s not enough to think like IT support, you must learn to think like the adversary. Remember, prevention is good, but detection is a must, and you can’t have 100% security and have functionality.

Tune in to today’s episode to learn how to start thinking like a hacker so that you can prevent cyber attatcks!

In this episode:

• 0:04 Welcome to this episode of Life of a CISO
• 0:37 The importance of thought leadership and strategic thinking
• 2:15 The most important thing a CISO needs to know: Your critical data, the threats, and vulnerabilities that exist that could cause harm to that critical data?
• 4:30 100% security doesn’t exist
• 5:17 What is the difference between a major breach and a minor breach?
• 6:43 A minor breach is caught before major damage is done. A major breach is not
• 8:20 Prevention is ideal, detection is a must
• 9:00 How does an attack occur?
• 9:22 Every attack is not unique
• 10:30 Think like an attacker
• 11:13 The server and the client
• 15:11 The 5 step process
• 12:14 Companies fail because they focus most on step 3
• 13:06 An easy way to see what is visible from outside of your network
• 15:06 The adversary knows more than you do
• 17:06 It all starts with an accurate network diagram
• 18:33 Do your reconnaissance, just like the adversary
• 19:05 The server (part 1)
• 20:29 Start with internet-facing systems
• 21:35 The 90% rule
• 23:45 If you don’t know the vulnerabilities, your adversary will
• 24:32 No internet-facing system can have critical data
• 27:00 Users (Part 2)’
• 28:25 Emails are not good for file transfers
• 29:18 Cost/benefit analysis if you stopped allowing email attachments
• 30:15 Awareness of users
• 30:40 Most attacks are targeted for Windows
• 32:28 Review and wrap-up.